Coder Social home page Coder Social logo

oauth-demo-sequelize-aad's Introduction

oauth-demo

To run this project:

  1. Make sure your working directory is inside oauth-demo
  2. npm install
  3. add a .env file to the root of the project. ie: as a sibling to start.js and app.js. here's a sample: (You'll need to get the settings for redirect url, post logout, and clientID/secret from Azure Active Directory)
NODE_ENV=development
PORT=7777
SECRET=forlife
KEY_NAME=sweetsesh

redirectUrl=http://localhost:7777/auth/openid/callback
destroySessionUrl=https://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=http://localhost:7777
clientID=d42ebb46-aa78-409a-9372-5ae3a08c0f85
clientSecret=jyrYfducaLp9gBGxn8w1U251dQjVHCS+MVA24eylkss=

dbusername=sqladmin
dbpassword=!Password4d4
host=sqlsrv.database.windows.net
db=tim-dev
  1. npm run start will start as if we're running in production. This will synchronize our database and start our application.
  2. In start.js there is an object passed to our sequelize orm to force a rebuild of our db:
models.sequelize.sync({ force: false }).then(function () { // change force to true to rebuild db
  1. Now visit http://localhost:7777 (or whatever port you've set in .env) to view our site.

Some things to be aware of.

Using a signed session. We need to issue back a signed json token to the client. So they can't reverse engineer the session info.

Sign server signed, from the token from passport, once a day we need to validate that the token you're using to sign is still a valid passport. If that's valid and the signing of your token is valid. Depends on the risk model and threat model.

"role based security with oauth node json web tokens"

Mapping the AAD Role to a Scope. OAUTH - Scopes is what we should be looking for. OpenID Connect - Scopes - Shall live here. Properties on the JWT, libraries will utilize this. Take a look at AuthO - for express

Todo:

Adding TLS to express: https://nodejs.org/api/https.html#https_https_createserver_options_requestlistener

Reading List:

https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Azure-Active-Directory-now-with-Group-Claims-and-Application/ba-p/243862

https://tools.ietf.org/html/rfc6749

JWT For AD: https://github.com/Azure-Samples/active-directory-dotnet-webapi-manual-jwt-validation

References:

https://github.com/AzureAD/passport-azure-ad

Team

oauth-demo-sequelize-aad's People

Contributors

timmyreilly avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.